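<?php
session_start();

$_SESSION["errmsg"] = '';
require_once '../include/config.lib.php';
require_once '../include/database.lib.php';

/**
 * Return a POST field as a string, or '' when it is absent or not a string.
 *
 * Undefined keys and array-valued fields (e.g. `name[]` inputs) are both
 * treated as empty so the validation below never warns or compares arrays.
 */
function postString(string $key): string
{
	$value = $_POST[$key] ?? '';
	return is_string($value) ? $value : '';
}

/**
 * Map a privacy radio value to the flag stored in the person table:
 * 'y' means the field is shown publicly, 'n' means private (the default).
 */
function visibilityFlag(string $postKey): string
{
	return postString($postKey) === 'public' ? 'y' : 'n';
}

/**
 * Build the URL of the logged-in person's own page (settings tab).
 *
 * Looks the person's numeric id up by username; the id is URL-encoded so a
 * missing or unexpected value cannot alter the query string.
 */
function ownPageUrl(string $accountNo): string
{
	$selectId = DBExecute("SELECT id FROM person WHERE username = ?", $accountNo);
	$row = $selectId->fetchAssocRow();
	// NOTE(review): assumes fetchAssocRow() returns a non-array when no row matches — confirm in database.lib.php
	$personId = is_array($row) ? (string) ($row["ID"] ?? '') : '';
	return "../person_view.php?id=" . rawurlencode($personId) . "#maintabs-4";
}

/**
 * Emit a meta-refresh redirect to $url.
 *
 * The URL lands inside an HTML attribute, so it is escaped for that context
 * rather than concatenated raw.
 */
function redirectTo(string $url): void
{
	$safeUrl = htmlspecialchars($url, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
	echo "<HTML><META http-equiv=\"refresh\" content=\"0; url='" . $safeUrl . "'\"></HTML>";
}

if (!isset($_SESSION["accountNo"])) {
	// user hasn't logged in: send them to the login page
	$_SESSION["errmsg"] = "You didn't log in.";
	echo "<HTML><META http-equiv=\"refresh\" content=\"0; url=../login.php\"></HTML>";
	return;
}

// user has logged in
ConnectToDB();
$accountNo = (string) $_SESSION["accountNo"];
$url = ownPageUrl($accountNo);

$newPassword = postString("newpassword");
$newEmail = postString("newemail");

if ($newPassword !== postString("confirmpassword")) {
	$_SESSION["errmsg"] = 'Passwords don\'t match!';
	redirectTo($url);
} elseif ($newPassword !== '' && !preg_match('/^[a-zA-Z0-9]{4,16}\z/', $newPassword)) {
	// Anchored on both ends: the old pattern only required a 4-letter run
	// *somewhere* in the string, so any length or character set slipped through.
	$_SESSION["errmsg"] = 'Password should be string with 4-16 letters or digits!';
	redirectTo($url);
} elseif (!preg_match("/^[-a-z0-9~!$%^&*_=+}{\'?]+(\.[-a-z0-9~!$%^&*_=+}{\'?]+)*@([a-z0-9_][-a-z0-9_]*(\.[-a-z0-9_]+)*\.(aero|arpa|biz|com|coop|edu|gov|info|int|mil|museum|name|net|org|pro|travel|mobi|[a-z][a-z])|([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}))(:[0-9]{1,5})?$/i", $newEmail)) {
	$_SESSION["errmsg"] = 'Wrong email format!';
	redirectTo($url);
} else {
	// Visibility flags: every field defaults to private ('n') unless the
	// matching radio was submitted as 'public'. The name field's radio is
	// posted under the key "radio".
	$shown = [
		"name"        => visibilityFlag("radio"),
		"username"    => visibilityFlag("username"),
		"email"       => visibilityFlag("email"),
		"affiliation" => visibilityFlag("affiliation"),
		"joindate"    => visibilityFlag("joindate"),
		"description" => visibilityFlag("description"),
		"friendlist"  => visibilityFlag("friendlist"),
		"paperread"   => visibilityFlag("paperread"),
		"publication" => visibilityFlag("publication"),
	];

	$newDescription = postString("newdescription");
	$newAffiliation = postString("newaffiliation");

	if (strlen($newPassword) >= 4) {
		// SECURITY: unsalted upper-cased SHA-1 is not an acceptable password
		// hash (fast to brute-force, no per-user salt). It is kept only because
		// the login check elsewhere compares against this exact format; migrate
		// both sides together to password_hash()/password_verify().
		$passwordHash = strtoupper(sha1($newPassword));
		DBExecute("UPDATE person SET PASSWORD = ?,
						   EMAIL = ?, 
						   DESCRIPTION = ?,
						   AFFILIATION = ?,
						   SHOWPUBLICATION = ?, 
						   SHOWNAME = ?, 
						   SHOWUSERNAME = ?, 
						   SHOWAFFILIATION = ?, 
						   SHOWJOINDATE = ?, 
						   SHOWDESCRIPTION = ?, 
						   SHOWFRIENDLIST = ?, 
						   SHOWPAPER = ?, 
						   SHOWEMAIL = ? WHERE username = ?",
			[
				$passwordHash, $newEmail, $newDescription,
				$newAffiliation, $shown["publication"], $shown["name"],
				$shown["username"], $shown["affiliation"], $shown["joindate"],
				$shown["description"], $shown["friendlist"], $shown["paperread"],
				$shown["email"], $accountNo,
			]);
	} else {
		// No (valid) new password given: update everything except PASSWORD.
		DBExecute("UPDATE person SET SHOWNAME =?, 
						   EMAIL =  ?, 
						   DESCRIPTION =  ?,
						   AFFILIATION =  ?,
						   SHOWPUBLICATION = ?,   
						   SHOWUSERNAME = ?, 
						   SHOWAFFILIATION = ?, 
						   SHOWJOINDATE = ?, 
						   SHOWDESCRIPTION = ?, 
						   SHOWFRIENDLIST = ?, 
						   SHOWPAPER = ?, 
						   SHOWEMAIL =? WHERE username = ?",
			[
				$shown["name"], $newEmail, $newDescription,
				$newAffiliation, $shown["publication"], $shown["username"],
				$shown["affiliation"], $shown["joindate"], $shown["description"],
				$shown["friendlist"], $shown["paperread"], $shown["email"],
				$accountNo,
			]);
	}

	// Re-read the id after the update and send the person back to their own page.
	redirectTo(ownPageUrl($accountNo));
}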